/**
 * Copyright (C), 2012-2018, 联奕科技有限公司
 * FileName: BrowserSecurityConfig
 * Author:   石贵武
 * Date:     2018\3\8 0008 14:42
 * Description: 配置
 * History:
 * <author>          <time>          <version>          <desc>
 * 作者姓名           修改时间           版本号              描述
 */
package com.zhoudongxiu.security.browser;


import com.zhoudongxiu.security.core.authentication.mobile.config.FormAuthenticationConfig;
import com.zhoudongxiu.security.core.authentication.mobile.config.SmsCodeAuthenticationSecurityConfig;
import com.zhoudongxiu.security.core.constants.SecurityConstants;
import com.zhoudongxiu.security.core.properties.SecurityProperties;
import com.zhoudongxiu.security.core.vaildators.config.ValidateCodeSecurityConfig;
import org.apache.tomcat.jdbc.pool.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

/**
 * 〈一句话功能简述〉<br>
 * 〈适配器类〉
 *
 * @author 石贵武
 * @create 2018\3\8 0008
 * @since 1.0.0
 */
@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {



    @Autowired
    private SecurityProperties securityProperties;

    @Autowired
    private AuthenticationSuccessHandler shiguiwuAuthenticationSuccessHandler;

    @Autowired
    private AuthenticationFailureHandler shiguiwuAuthenticationFailureHandler;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

    @Autowired
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Autowired
    private FormAuthenticationConfig formAuthenticationConfig;

    /*配置记住我的一个的数据库读写，然后跟token的对象*/
    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
        tokenRepository.setDataSource(dataSource);
//        tokenRepository.setCreateTableOnStartup(true);
        return tokenRepository;
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {

        formAuthenticationConfig.configure(http);


//        http.httpBasic()
        http.apply(validateCodeSecurityConfig)
                .and()
                .apply(smsCodeAuthenticationSecurityConfig)
                .and()
                .rememberMe()
                    .tokenRepository(persistentTokenRepository())
                    .tokenValiditySeconds(securityProperties.getBrowser().getRememberMeSeconds())
                    .userDetailsService(userDetailsService)
                .and()
                .authorizeRequests()
                .antMatchers(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL
                        , securityProperties.getBrowser().getLoginPage()
                        , SecurityConstants.DEFAULT_SIGN_IN_PROCESSING_URL_MOBILE
                        ,SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX).permitAll()
                .anyRequest().authenticated()
                .and().csrf().disable();//跨站防护功能停掉

    }
}